from the will-it-actually-happen? dept

The efforts to reform ECPA -- the Electronic Communications and Privacy Act -- have been going on for basically two decades at this point. The law, which was passed in 1986, has a whole bunch of problems, with the biggest one (as we've discussed dozens of times) being that it considers any email that's been on a server for more than 180 days "abandoned," and thus freely searchable by law enforcement without a warrant. That's because there was no concept of cloud computing back in 1986. People who got email "retrieved" those emails off of a server and downloaded them to local storage. Many in Congress have been trying to fix this for so, so, so many years. And it always gets blocked. The IRS and the SEC have both been fairly proactive in trying to block ECPA reform bills that will require a warrant (funny: I thought it was the 4th Amendment that made such a warrant necessary, but, silly me, no one cares about the 4th Amendment any more).

Last year, a plan to fix ECPA, called the Email Privacy Act, with an astounding 315 co-sponsors, passed the House unanimously. As we noted at the time, this is fairly incredible. In these contentious times -- especially on issues related to surveillance and law enforcement -- to have a unanimous vote on a law that says "get a warrant" if you want access to emails, is quite incredible. But, of course, even with that much support on that side of Congress, the Senate has a way of killing ECPA reform each and every year. Last year, a few Senators -- including Jeff Sessions, who is likely to be our next Attorney General -- tried to bury it with ridiculous amendments that would expand surveillance.

On Monday, the reintroduced Email Privacy Acteasily passed the House via a voice vote, showing that our Congressional Members still recognize how important this is. Of course, now it gets to go back to the Senate, and we saw how well that worked last year. And then we have to believe that President Trump will sign the bill. Stranger things have happened, of course, but it still seems like a longshot that real ECPA reform will become law this year. It's great that Rep. Kevin Yoder, along with Reps. Jared Polis, Bob Goodlatte, John Conyers, Ted Poe, Suzan DelBene, Will Hurd, Jerry Nadler, Doug Collins and Judy Chu keep pushing this bill. I disagree with many of the folks on that list on a number of other issues we cover, but the fact that they're willing to support basic 4th Amendment concepts for email is worthy of recognition. Now, hopefully, the Senate won't try to muck it up again.

from the because-fuck-the-4th-amendment,-that's-why dept

Hey, remember last week, when lots of folks were super excited about the US House of Representatives unanimously voting in favor of the Email Privacy Act? They voted 419 to 0. That kinda thing doesn't happen all that often. I mean, sure it happens when condemning ISIS, but they couldn't even make it when trying to put sanctions on North Korea. Basically, something needs to be really, really screwed up to get a unanimous vote in the House. And the Email Privacy Act, which goes a long way (though not far enough) towards fixing ECPA (the Electronic Communications Privacy Act of 1986) that makes it way too easy for the government to snoop on your electronic communications, actually got that unanimous vote.

So it should be moving forward and well on its path to becoming law, right? Right?!? Well... about that. You see, as we'd mentioned in the past, the SEC has been the main voice of opposition to the Email Privacy Act, since it (along with the IRS), kinda like the fact that they can snoop through emails without a warrant. Never mind that it's probably unconstitutional, it makes their jobs so much easier. And, really, isn't that the important thing?

Apparently, Senator Chuck Grassley thinks so. And, hey, bad luck for, well, everyone, because Grassley just happens to be the guy in charge of moving the bill forward on the Senate side. And he's not having any of it right now, claiming that there are "concerns" about the bill:

“Members of this committee on both sides of the aisle have expressed concerns about the details of this reform, and whether it’s balanced to reflect issues raised by law enforcement,” said Sen. Charles Grassley, the chairman of the Senate Judiciary Committee, on Thursday.

Concerns? It didn't seem like anyone in the House was concerned about it because (I should remind you) it passed unanimously. And that's because it's really only making fairly common sense changes to the law to require a warrant (as required by the 4th Amendment) to snoop on emails.

The Securities and Exchange Commission is still fighting a House-passed bill to require law enforcement to get a warrant before obtaining messages from email providers. “[The Email Privacy Act] would create a dangerous digital shelter for fraudsters,” SEC Enforcement Director Andrew Ceresney said in a statement to POLITICO. “The privacy interests the bill addresses can be fully achieved without blocking civil law enforcement agencies like the SEC from obtaining the evidence it needs to protect investors.”

No. Actually, it doesn't create a "digital shelter for fraudsters." That's SEC Enforcement Director Andrew Ceresney lying through his teeth. It just means that the 4th Amendment needs to be obeyed when obtaining emails that are hosted on cloud providers. Just like a warrant is needed to obtain someone's personal papers. It's not creating a digital shelter. It's harmonizing the rules for digital content so they match the rules for physical documents and communications. And, in doing so, protecting the privacy and the very concept of the 4th Amendment.

Either way, all that momentum in the House may be for nothing if the SEC and Grassley get their way.

from the didn't-see-that-coming dept

We've been talking about and asking for ECPA reform for many, many years, and it might finally be moving forward. ECPA is the Electronic Communications Privacy Act, which details how the government can get access to your electronic communications. The law was written in the early 1980s, and as you've probably noticed, we live in a very different world these days as it pertains to electronic communications. One key example: the law says that messages left on a server for more than 180 days are considered abandoned and can be searched without a warrant. That may have made some sense (though, not really) in a client-server era, where everyone downloaded their messages leading to them being deleted from a server, but it makes no sense at all in an era of cloud computing.

The main foes against updating ECPA have been government agencies that have investigatory powers, but not the ability to get a warrant -- mainly the SEC and the IRS, with the SEC being the real stumbling block. The SEC really liked the fact that it could snoop through emails without a warrant. So, even with massive support in Congress, ECPA reform never went anywhere.

So it was a bit surprising to folks this week to see Rep. Bob Goodlatte announce that the Judiciary Committee will now markup the ECPA reform bill, meaning that the bill is moving forward again. It's not entirely clear why it's happening now, but at the very least, it sounds like the SEC's constant protests may no longer be an obstacle. Hopefully it does move forward, and whatever results from the process leads to much stronger privacy protections on electronic communications, such as actually requiring a warrant, like the 4th Amendment says should happen.

from the updated-for-government-needs-and-wants dept

The SEC (Securities and Exchange Commission) has been fighting much-needed updates to the ECPA (Electronic Communications Privacy Act) for a few years now, claiming that treating old email like new email would somehow strip it of its power to investigate and punish wrongdoing. For no discernible reason, legislators decided to treat electronic mail like physical mail, designating unopened emails over six months old "abandoned" and accessible by almost anyone using nothing more than a subpoena.

Moving the law towards logic would insert a warrant requirement for old emails, bringing them under the same protection as emails less than 180 days old. But it's not just the SEC that's resistant to changing the law. It's also local law enforcement and the DOJ itself, both of which have greater powers than the SEC when it comes to accessing electronic communications.

The most recent hearing featured testimony from the SEC, DOJ and, for no discernible reason, the Tennessee Bureau of Investigation. The consensus is that the law should be updated, but not that part of it (SEC) and only if it makes it easier for law enforcement to obtain more stuff without warrants (DOJ, TBI).

The SEC's argument against the introduction of a warrant requirement is that it would prevent the agency from obtaining other user data from ISPs using only a subpoena, glossing over the fact that it likes having warrantless access to tons of email.

When we conduct an investigation, we generally will seek emails and other electronic communications from the key actors via an administrative subpoena – a statutorily authorized mechanism for gathering documents and other evidence in our investigations. In certain instances, the person whose emails are sought will respond to our request. But in other instances, the subpoena recipient may have erased emails, tendered only some emails, asserted damaged hardware, or refused to respond – unsurprisingly, individuals who violate the law are often reluctant to produce to the government evidence of their own misconduct. In still other instances, email account holders cannot be subpoenaed because they are beyond our jurisdiction.

It is at this point in an investigation that we may in some instances, when other mechanisms for obtaining the evidence are unlikely to be successful, need to seek information from the internet service provider (ISP). H.R. 699 would require government entities to procure a criminal warrant when they seek the content of emails and other electronic communications from ISPs. Because the SEC and other civil law enforcement agencies cannot obtain criminal warrants, we would effectively not be able to gather evidence, including communications such as emails, directly from an ISP, regardless of the circumstances.

As is (sort of) admitted in the SEC's testimony, the current law provides more protection for physical documents than electronic ones. However, SEC Director Andrew Ceresney spins this as an argument against modifying the ECPA.

Some have asserted that providing civil law enforcement with an ability to obtain electronic communications from ISPs in limited circumstances would mean electronic documents enjoy less protection than paper documents. That is not accurate. Indeed, as currently drafted, H.R. 699 would create an unprecedented digital shelter – unavailable for paper materials – that would enable wrongdoers to conceal an entire category of evidence from the SEC and civil law enforcement.

The DOJ and Tennessee Bureau of Investigation also express alarm at the proposed rollback of subpoena powers, but they use the kidnapping of children, rather than financial misconduct, as their starting points.

While the DOJ admits the 180-day cutoff period makes very little sense, it suggests no fixes along those lines. Instead, it suggests warrant exceptions for Pen Register statutes (information about communications) be aligned with those in the Wiretap Act (the communications themselves) so DOJ agencies can acquire the data along with the communications when operating a wiretap. It makes a certain amount of sense, but it's actually just the DOJ asking for the less-stringent set of exceptions (tied to the Wiretap Act, believe it or not) to be applied across the board.

It also asks for legislators to better define what can be accessed with certain orders to eliminate "inconsistency" in judge behavior.

The Fifth Circuit has interpreted this provision to require a court to issue a 2703(d) order when the government makes the “specific and articulable facts” showing specified by § 2703(d). See In re Application of the United States, 724 F.3d 600 (5th Cir. 2013). However, the Third Circuit has held that because the statute says that a § 2703(d) order “may” be issued if the government makes the necessary showing, judges may choose not to sign an application even if it provides the statutory showing. See In re Application of the United States, 620 F.3d 304 (3d Cir. 2010). The Third Circuit’s approach makes the issuance of § 2703(d) orders unpredictable and potentially inconsistent; some judges may impose additional requirements, while others may not.

(Hey, judicial inconsistency isn't much fun for defendants, either.)

Once again, the DOJ is looking for a less-stringent standard to be applied, rather than truly looking to bring this law into the 21st century. Its plea for "technologically-neutral" handling of communications data is similarly focused on applying a lower standard to the acquisition of communications, no matter their source.

The Tennessee Bureau of Investigation, on the other hand, argues that an updated ECPA would put too much power in the hands of ISPs and other entities responsive to law enforcement warrants and subpoenas.

H.R. 699 goes far beyond the commonly stated goal of modernizing ECPA by requiring a search warrant for all stored content. In fact, it creates protections for a wider range of stored electronic evidence that could pose a greater hindrance to law enforcement than protections afforded evidence stored on a computer inside a house or office. Searches in response to ECPA process are performed by service providers, not by law enforcement officers, and H.R. 699 extends the notice provisions previously necessary only with lesser levels of process like subpoenas along with the probable cause standard. The end result is that law enforcement has to get a search warrant to access more evidence, and must bear the added burden of notice requirements that were previously limited to lesser process, without the benefit of controlling the execution of the warrant.

Apparently, any increase in difficulty -- no matter its relation to the Fourth Amendment -- is unacceptable.

Because H.R. 699 in its current form imposes burdens that will make our job harder without offering any relief in other areas, we urge the committee not to pass H.R. 699 without amending the bill to reflect greater sensitivity to the concerns of the state and local law enforcement community. When we have to get a warrant, it should mean something; right now, H.R. 699 turns the compulsory process of a search warrant into a subpoena with a higher proof requirement.

The Bureau's Richard Littlehale further lays out his argument for lowered requirements by claiming entities being served with legal paperwork have been less than helpful in the past.

In many instances, we are unable to utilize evidence that would be of enormous value in protecting the public because the technologies used to carry and store that information are not accessible to us, no matter what legal process we obtain. That may be because of technological problems, but just as frequently it is because of non-technical barriers to access. The companies that retain these records are often unable or unwilling to respond to law enforcement’s lawful demands in a timely manner, and there are few consequences for an incomplete or inaccurate response. The primary emergency disclosure provision in the section of ECPA that we use to obtain stored content is voluntary for the providers, not mandatory, and even where emergency access is granted to law enforcement, in some instances, there is insufficient service provider compliance staff to process legitimate emergency requests quickly.

Littlehale's argument appears to be a paraphrasing of Pat Paulsen's satirical campaign slogan: if we (law enforcement) have to up our standards, up theirs! He apparently feels ISPs, etc. don't face enough legal penalties for not immediately handing over everything law enforcement demands, whether they have the capability to do so or not. Littlehale wants warrant service under a modified ECPA to more closely resemble warrant service at a residence: where cops announce their presence after they've entered and destroyed everything they touch in search of evidence. He can't handle the fact that private entities maintain control of digital communications sought and that his agency (and others) must approach them (rather than drive up on their lawns and shoot grenades through their windows) with the proper paperwork and wait until responsive information is gathered and turned over.

Much like the DOJ and the SEC, Littlehale doesn't want an updated law. He wants a law rewritten to treat digital communications like physical communications, bringing the barrier to access and the expectation of privacy down to the lowest level possible. That's what is really being discussed here. Not a rewrite of an outdated law to reflect the reality of modern communications, but ways to make an already law enforcement-friendly law even friendlier.

from the 'pretty-sure-we're-above-the-law,-judge' dept

Congress is once again declaring its willingness to hold everyone in the nation accountable for their actions, present party excepted.

Back in 2011, it was revealed that members of Congress were participating in insider trading. Spending a great deal of time conversing with lobbyists tends to result in the discussion of information that has yet to be made public. Legislators, being the opportunists they are, chose to buy and sell stock based on this insider info. Lobbyists -- also opportunists -- sometimes did the same thing. And it was all perfectly legal... at least for Congress.

This revelation did nothing to increase the public's goodwill towards its so-called "representatives." With its approval percentage (15%) sliding below that of Bernie Madoff's personal loan applications, Congress swiftly acted to close this loophole in the law.

Two years later, with everyone safely re-elected, Congress quietly excised the disclosure requirement in the new law, making it virtually impossible to verify whether or not it was actually playing by the rules it had made for itself. Predictably, it called the disclosure of such information a "national security risk."

Meanwhile, the SEC opened an investigation into Congressional insider trading related to health insurance companies. Congress refused to answer subpoenas or provide documents to the Commission. When ordered to by a federal judge, the House Ways and Means Committee gently explained that it could do whatever the fuck it wanted to.

The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.

On November 13, U.S. District Judge Paul Gardephe agreed with most of the SEC’s claims and ordered Congress to comply with the subpoena within 10 days. “Members of Congress and congressional employees are not exempt from the insider trading prohibitions arising under the securities laws,” he wrote. Gardephe reminded the attorneys that “Congress barred such claims of immunity when it adopted” the STOCK Act.

Congress' top lawyer fought back, claiming certain, very specific words were missing from the STOCK Act and that legislators' immunity was still intact.

Kerry W. Kircher, the House general counsel, requested more time. Then, shortly before Thanksgiving, on November 25, he filed a motion to appeal the subpoena to the 2nd Circuit. Kircher argued that the STOCK Act did not explicitly authorize the SEC to issue subpoenas to Congress, even to investigate insider trading.

This may not result in the investigation being scuttled or the lawsuit being tossed, but it does buy Congress more time to figure out its next accountability-dodging move. Meanwhile, Congress members are doing what they can to ensure the battle the SEC is waging to at least hold them as accountable as their own STOCK Act promised they would, will be long, expensive and hopefully, ultimately fruitless. These efforts are also shady as hell.

Away from the spotlight, however, congressional leaders continue to fight enforcement and to shore up the target of the SEC inquiry. Rep. Pat Tiberi, R-Ohio, and Rep. Diane Black, R-Tenn., two lawmakers who served on the same committee as Sutter, have used PAC money to donate to the legal defense fund set up to defend him.

Campaign funding -- itself a toxic wasteland where morality and ideals go to die -- is being rerouted to keep Bruce Sutter, a former Ways and Means Committee member who allegedly passed on non-public Medicare reimbursement information to a lobbyist for law firm Greenberg Taurig. Not only will Congress members let nothing stand in the way of personally profiting from their time in office, they'll also apparently ensure those who previously got away with it will continue to elude being held accountable.

from the all-aboard-the-USS-Not-Our-Fault! dept

The Los Angeles school district's headfirst leap into technological waters has turned into the ultimate cautionary tale. Rather than ensure everything was up to spec, the district chose to distribute 90,000 iPads bundled with Pearson software and hand them over to its students… who cracked the minimal built-in protections within a week and turned the devices into something they wanted to use, rather than something they had to use.

Why the full-on dive? Well, it appears at least part of it may have been motivated by low-level corruption -- the sort of thing you'd expect to be present in a $500 million project, one that ballooned to $1.3 billion, even as most students went without new iPads or laptops. (Only 91,000 of the 650,000 iPads had been purchased by the point the program was shut down.)

The federal Securities and Exchange Commission recently opened an informal inquiry into whether Los Angeles school officials complied with legal guidelines in the use of bond funds for the now-abandoned $1.3-billion iPads-for-all project.

In particular, the agency was concerned with whether the L.A. Unified School District properly disclosed to investors and others how the bonds would be used, according to documents provided to The Times.

Now that the program is effectively dead and under intense scrutiny, the ineptness of the district's rollout is under discussion. The district is claiming this debacle really isn't its fault.

The Los Angeles Unified School District is seeking to recoup millions of dollars from technology giant Apple over a problem-plagued curriculum that was provided with iPads intended to be given to every student, teacher and administrator.

Apple may be in the headline and leading paragraph, but district officials seem more irritated with software provider Pearson. Under the terms of the agreement, Pearson was allowed to half-ass its way through the first year, providing only "partial curriculum." It was expected to be at least as prepared as the students by the beginning of the following school year. It wasn't, despite receiving $200 per iPad in licensing fees.

“Only two schools of 69 in the Instructional Technology Initiative ... use Pearson regularly,” according to an internal March report from project director Bernadette Lucas. “Any given class typically experiences one problem or more daily. Teachers report that the students enjoy the interactive content — when it’s available. When it’s not, teachers and students try to roll with the interruptions to teaching and learning as best they can.”

The remaining schools, she said, with more than 35,000 students, “have given up on attempting regular use of the app.”

Pearson, despite having received millions of dollars (and possibly some preferential treatment during the bidding process), is flunking. It hasn't created bilingual versions of its software -- something of a necessity in Los Angeles. The analytic software it promised to the district (as part of the justification for the software premiums) has yet to arrive. It hasn't even provided online versions of periodic achievement tests.

How much Apple and other device makers are really at fault is up for debate. As the device makers, they only needed to provide a device and operating system. The rest seems to be on Pearson, which at this point, should really be doing better at providing functional educational software. The LA school district may have erred in its decision to roll this out before ensuring everything worked properly, but the future's not just going to sit around waiting for giants like Pearson to get their end of the equation in order. The field is ripe for disruption. Or, it would be... if entrenched interests (government entities) weren't so set on bedding down with equally entrenched interests (textbook publishers).

But what comes across here is something more than just ensuring government contractors live up to the terms of their agreements. Above the better-late-than-never attempt at fiscal responsibility (always save your receipts!), you can hear the faint whinging noise of the district arguing that it shouldn't be responsible for its own botched rollout, financial impropriety or inability to respond to problems with more agility. As much as I'd like to bash Pearson (and I really, really would), there's definitely a hint of buck-passing in the air.

The district could have handled this better, but there was just too much money at stake. Hundreds of millions of dollars in expeditures can't guarantee working tech, but it goes a long way towards ensuring a certain level of mismanagement. Large contracts tend to bring out the worst in people. Not only will there almost always be some level of impropriety, but there will also be a compulsion to do everything fast and hard so the public can see where its money's being spent. Doing something, even if it's clumsy and questionable, is almost always preferable to doing it the right way. The LA school district wanted to win the race to the future, but only managed to knock over every hurdle before collapsing several hundred iPads short of the finish line. And now it wants the same companies it allegedly allowed to seduce it into handing over more that $500 million to give some of it back.

from the let's-get-this-straight-now... dept

For many years now, we've been writing about the need for ECPA reform. ECPA is the Electronic Communications Privacy Act, written in the mid-1980s, which has some frankly bizarre definitions and rules concerning the privacy of electronic information. There are a lot of weird ones but the one we talk about most is that ECPA defines electronic communications that have been on a server for 180 days or more as "abandoned," allowing them to be examined without a warrant and without probable cause as required under the 4th Amendment. That may have made sense in the 1980s when electronic communications tended to be downloaded to local machines (and deleted), but make little sense in an era of cloud computing when the majority of people store their email forever on servers. For the past few years, Congress has proposed reforming ECPA to require an actual warrant for such emails, and there's tremendous Congressional support for this.

And yet... it never seems to pass. The story that we keep hearing is that two government agencies in particular really like ECPA's outdated system: the IRS and the SEC. Since both only have administrative subpoena power, and not the ability to issue warrants like law enforcement, the lower standards of ECPA make it much easier for them to snoop through your emails without having to show probable cause. Last year, in a Congressional hearing, the SEC's boss, Mary Jo White, was questioned about this by Congressman Kevin Yoder, who has been leading the charge on ECPA reform. As we reported at the time, in the conversation, White clearly said that the SEC needed this ability or it would lose "critical" information in its investigations. You can see the conversation from 2014 below, where White (starting around 2:30) explains how vital this process is to the SEC:

Here's the key line:

"What concerns me, as the head of a... law enforcement agency, is that we not put out of reach of lawful process... what is often, sometimes the only, but critical evidence of a serious securities fraud.... And we use that authority quite judiciously, but it's extremely important to law enforcement."

What struck us as interesting last year was White admitting that the SEC appeared to regularly use this process, since she noted that it was "extremely important" and provided "critical evidence."

Fast forward to this week, and the same two players were involved in yet another Congressional hearing. You can
see that conversation here as well, with the critical point being made after about four and a half minutes, where White says some of the same stuff, about the privacy protections, and how even if the SEC used this process it still notifies the subscribers to give them a due process right to protest the subpoena... but also, oddly, seems to claim that the SEC never actually makes use of this process:

Here's the key line this time (the full response is a jumble of half sentences and unfinished thoughts, so it's a bit of a mess):

"While these discussions have been going on, to try to sufficiently balance the privacy and the law enforcement interests, we've not to date to my knowledge proceeded to subpoena the ISPs. But that, I think, is critical authority to be able to maintain -- done in the right way and with sufficient solicitousness and it's very important to the privacy interests which I do think can be balanced.

As I said, if you watch her entire response, it's a complete mess of half-finished thoughts, which seems rather typical of someone trying to sound like they're answering a question but not actually doing so. Later in the same answer, she insists that taking away this authority might take away an important tool.

So, we know that the SEC really wants to keep this tool. But last year it said it was "extremely important" and provided "critical evidence." This year, she's saying that the SEC isn't even using the tool. So, uh, which is it? Is this tool absolutely necessary for critical evidence, or is it not even being used by the SEC?

And, through all of this, the SEC still has not answered the most basic question: why can't it treat email the same way it has to treat paper documents under the 4th Amendment? That is, if it wants the document it can subpoena the end user for those documents. It does not get to route around the end user and subpoena a third party for those documents. So why can't it treat email in the same way?

from the the-last-time-we-reformed-our-privacy-laws... dept

For many, many years, we've been talking about the need for ECPA reform. ECPA -- the Electronic Communications Privacy Act -- is an incredibly outdated piece of legislation from the 1980s that governs law enforcement's ability to access email and other electronic communications. This was the era before the internet was anywhere close to the mainstream (though it did exist). Among the various weird parts of the law, it says that any communication that is over 180 days old and still on a server is considered "abandoned" so that the government can access it without a warrant. Think about that in this era when you keep all your communications online. It was written when lawmakers thought people would "download" the messages off a server. That's just the most noteworthy problem -- there are all sorts of different definitions based on messages that have been opened or not opened and other oddities as well, almost none of which make sense.

Last year we noted that more than half of the House was co-sponsoring a bill put forth by Reps. Kevin Yoder and Jared Polis to reform ECPA in a big way. But even with so many supporting the law, it failed to move. A big hurdle? Both the IRS and SEC (note: not your standard law enforcement agencies) like the fact that they can use ECPA to snoop through electronic communications (without a warrant -- which those agencies can't get on their own anyway).

Yoder and Polis are back again with another attempt, and it's matched by a similar legislation in the Senate from Senators Patrick Leahy and Mike Lee. To get attention for the bill, Yoder, Polis and some other supporters took to Twitter in a bit of a meme fest, highlighting some historical facts to demonstrate just how long it's been since ECPA became law. It's worth scrolling through them all (though, there are a lot), because some are pretty funny:

At this point, it's a complete travesty that such a bill hasn't become law. People have explained the need for it for well over a decade, and more than half of Congress was signed on to co-sponsor it in the last Congressional term. Already this new bill has 228 additional co-sponsors in the House and another 6 co-sponsors in the Senate. The IRS and SEC's objections are simply ridiculous. Having more convenient access to someone's emails is no excuse for not better protecting the privacy of our online communications.

Of course, this isn't the only effort going on to protect privacy. Reps. Zoe Lofgren, Ted Poe and Suzan DelBene have also introduced a bill to update ECPA. It's pretty clear that Congress knows that the law needs to be updated, and it's time to get past whatever objections there are and actually start protecting our privacy.

"I have a long record of support for open government and the FOIA process. I am concerned that provisions in this bill will have the unintended consequence of harming our ability to enforce the many important federal laws that protect American consumers from financial fraud and other abuses," Rockefeller said in a statement Friday. "According to experts across the federal government, these provisions would make it harder for federal agency attorneys to prepare their cases, and they would potentially give defendants new ways to obstruct and delay investigations into their conduct. I hope there is a way to address these concerns and pass the bill."

The two agencies offering up the most resistance to the bill appear to be the FTC and the SEC, both of which apparently feel the law creates a playground for targets of its investigations.

[S]ources said the agencies' concerns are that the legislation would allow companies to pierce the attorney-client and attorney work-product privileges, potentially giving targets of enforcement actions a roadmap detailing what kind or level of misconduct will trigger action and what kind is likely to be ignored.

There also appears to be a law enforcement contingent pushing for death of this bill as well.

"The bill would statutorily require government law enforcement agencies to withhold documents from a FOIA request only if they first establish that 'the agency reasonably foresees that disclosure would harm an interest protected by' the exemption invoked," said a Rockefeller aide who asked not to be named. "Consequently, the bill could expose law enforcement agencies to needless litigation and drain their already limited resources in defending FOIA decisions that have long been invoked for legitimate law enforcement purposes."

Transparency advocates point out that privileged attorney-client communications will remain privileged even with the passage of the bill and that government agencies will still retain the power to redact information and withhold documents -- they'll just need to start providing better explanations for these actions. As for the concerns about the new "forseeable harm" requirement? That requirement isn't even new.

"Agencies have been required to use this standard since 2009 when Attorney General Holder issued a memo requiring it. Agencies also used this same standard during President Clinton's term. It was only during President George W. Bush's term of secrecy that this standard was rolled back," [Patrice McDermott of OpenTheGovernment.org] wrote.

As it stands now, Rockefeller is standing alone among his fellow senators and representatives. Two unanimous votes -- one in the House and one in the Senate -- are being negated by a single Senator. Supporters of FOIA reform are urging people to contact his office and make it clear that Rockefeller alone shouldn't get to decide whether this bill lives or dies, especially considering its path to this point.

If, as the saying goes, justice is blind, the data would show little correlation between firms' political expenditures and their likelihood of being prosecuted. Instead, Correira found that "politically connected firms are on average less likely to be involved in an SEC enforcement action and face lower penalties if they are prosecuted by the SEC." Specifically, Correira discovered that firms that increased their PAC contributions by $1 million over five years ended up halving their probability of being prosecuted.

Yes, correlation is not automatically causation, yada yada, but that doesn't mean there isn't a causal relationship here. I guess it's possible one could argue that a company that increases its PAC contributions is somehow less likely to be also engaged in financial shenanigans, but I'm not sure anyone would actually buy that.

There are some other bits of data that don't speak particularly kindly to the motives of SEC folks, such as that old revolving door:

Data from the Project on Government Oversight has documented that since 2001, more than 400 former SEC officials filed disclosure forms documenting their plans to represent firms before the SEC. Correira's report shows that this revolving door also influences financial prosecutions, as companies that employ lobbyists who once worked for the SEC "experience a larger reduction in the probability of enforcement and in penalties than those that do not."

Of course, it might not be entirely the SEC's fault. As Correira suggests, the SEC may be responding to basic incentives itself, in noting that investigations and prosecutions of politically "friendly" firms may create "political consequences for itself and its budget." Sirota more or less got a former SEC official to admit that this all goes into the thought process:

In an interview with IBTimes, former SEC counsel Scott Kimpel acknowledged that the agency does have to weigh how to best maximize its limited resources.

"At the end of the day, the SEC only has about 1,000 enforcement officials, so they can't possibly go after every single case of wrongdoing," he said.

As Sirota again notes at the end of his article, this issue is not just for the SEC, but for other federal agencies as well, including the DOJ, which more or less admitted that it wouldn't prosecute Wall Street firms connected to the 2008 financial mess, because it might have "a negative impact on the national economy."

It's not clear how you directly solve this issue, but it certainly does seem like a very real problem. Between the revolving door and the power of campaign contributions, it's been quite clear for a long time that the government is not the people's representatives any more (if they ever were).